This Privacy Policy was last updated on: 21 November 2023
We respect your privacy and private life, but sometimes we need your Personal Data. We consider Personal Data to be any information relating to an identified or identifiable person, in conformity with the General Data Protection Regulation (the GDPR).
This policy explains which Personal Data we use and why (the Privacy Policy). Furthermore, you will read how we process, store and protect your Personal Data.
Finally, we outline what rights you have when we process your Personal Data.
This Privacy Policy applies to our Website https://www.elsvanderhelm.com/ (the Website), our online assessment (the App) and other services or products we provide (the Services). We process your Personal Data in accordance with the GDPR and all other relevant legislation and regulations in the field of protection of Personal Data, like the Dutch Telecommunications Act (Telecommunicatiewet) regarding the use of cookies (the Relevant Legislation).
Are you under the age of 16?
If you are younger than 16 years old, you need permission from your parents or legal guardian to use our Website, App and Services.
Processing of Personal Data
In order to provide you with our Website, App and Services, we process your Personal Data.
We also process special categories of Personal Data. We only process these special categories of data with your explicit consent.
How do we receive your Personal Data?
Personal data we receive from you:
We receive Personal Data directly from you when you complete our (sleep) assessment or when you subscribe to our newsletter.
Who is the controller of your Personal Data?
We are the controller of your Personal Data within the meaning of the Relevant Legislation. At the end of this Policy, you can find our contact details and the contact details of our Data Protection Officer.
What Personal Data do we process, for which specified purpose(s), and on which legal basis?
We need some of your Personal Data in order for you to use our Website, Apps and Services.
We are allowed to process your Personal Data, because we comply with the Relevant Legislation. We lawfully process your Personal Data because we:
- Have legal bases for processing your Personal Data;
- Inform you about the processing; and
- Only process data for specific purposes, and no more than is necessary for that.
In the table below you will read (1) which Personal Data we process (2) for which purpose(s) and (3) on which legal basis.
We shall only use your Personal Data for the following purposes or for compatible purposes. By doing so, we will not use your Personal Data in an unexpected manner.
(Personal) Data | Purpose(s) | Legal basis |
Contact Data: – First and/or last name – Email address |
We use these Data: – To correspond with you – For the delivery or performance of our Services to you |
We process these Data on the basis of: – A necessity to perform the contract – Consent |
Content Data related to the Services: – Your questions about our Services – Assessment results/data |
We use these Data: – To provide you with an optimal service – For the delivery or performance of our Services to you |
– A necessity to perform the contract – Consent |
Other Data: – Sex/Gender |
We use these Data: – For the delivery or performance of our Services to you |
– A necessity to perform the contract – Consent |
Special categories of Data: – Data concerning health |
We use these Data: – For the delivery or performance of our Services to you |
– A necessity to perform the contract – Consent |
Are you obliged to share your Personal Data with us?
In some cases, the processing of your Personal Data is necessary. This is relevant, for example, when we have to process your Personal Data in order to oblige to a contract with you or to provide a service to you. Without your Personal Data, we cannot provide our Service to you.
How do we secure your Personal Data?
We make every effort to protect your Personal Data from loss, destruction, use, alteration or dissemination of your Personal Data by unauthorized persons. We ensure that those who have nothing to do with your Personal Data cannot access it. We do this through the following measures:
- Security of Personal Data in accordance with the ISO 27001 standard
- The access to the Personal Data is strictly limited to the employees on a ‘need to know’ basis
- The access to the Personal Data is secured by two-step authentication
- The access to the Personal Data is secured by confidentiality agreements (NDA’s)
We constantly check our security measures for effectiveness, and if necessary adjust our process. That way, your Personal Data is always protected and accessible in the event of a failure.
How long do we store your Personal Data?
We shall not store your Personal Data longer than the period in which we need them for the aforementioned purposes. We delete the Personal Data after we no longer need them for the purpose we process them for. The following is a list of the categories of Personal Data and the (functionally defined) retention periods:
Category of Personal Data | Retention period |
Contact Data | We retain your contact information for as long as necessary to provide our Services. |
Content data related to our Services | We retain content data for as long as necessary to provide you with our Services in an integral and continuous manner. |
With whom do we share your Personal Data?
Processors
We may share your Personal Data with data ‘processors’ within the meaning of the Relevant Legislation. We conclude a Data processing agreement with these parties, which entails that they shall process your Data carefully and that they shall only receive the Personal Data they need to provide their service. These parties shall only use your Personal Data in accordance with our instructions and not for their own purposes. We only share your Personal Data with the following categories of processors: online storage services, calculation services, and consultancy services. They perform the following tasks for us: take care of the storage of data, assist in necessary calculations in order to perform services, and provide advice on how to best deliver services.
If we have a legal obligation to share your Personal Data, we will do so. This is the case, for example, if a public authority legally requires us to share your Personal Data.
Cookies
A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.
We use cookies to improve the user experience on our Website. Moreover, cookies ensure that the Website works faster, that you can visit our Website safely and that we can track and solve errors on our Website.
You can always delete or disable cookies yourself via the browser settings. No more cookies will be stored when you visit our Website. However, please note that without cookies, our Website may not function as well as it should. For more information you can read our cookie statement: https://www.elsvanderhelm.com/cookies.
Other provisions
Transfer
We also process your Personal Data outside the European Economic Area (EEA). We only do so if a country provides an adequate level of protection for your Personal Data.
We shall never transfer your Personal Data to other countries or to other parties than those mentioned above without your permission.
Websites of third parties
Our website and our App may contain links to other websites. We are not responsible for the content or the privacy protection on these websites. Therefore, we advise you to always read the privacy policy of those websites.
Your rights
You have the following rights:
- The right of access
You can request access to your Personal Data; - The right to rectification
You can request us to correct, limit or delete your Personal Data. In the event of fraud, non-payment or other wrongful acts, we can store some of your Personal Data in a register or on a blacklist; - The right to data portability
You can request a copy of your Personal Data. We can provide this copy to third parties at your request, so you do not have to do so yourself; - The right to object
You can object to the processing of your Personal Data; - The right to file a complaint
You can file a complaint at the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you are of the opinion that we wrongfully process your data; - The right to withdraw consent
You can always withdraw your permission to process your Personal Data. From the moment of your withdrawal, we cannot process your Personal Data anymore.
Modifications to the Privacy Policy
We may modify this Privacy Policy. If we substantially modify the Privacy Policy, we shall place a notification on our Website and in our App together with the new Privacy Policy. We shall notify registered users in case of a substantial modification. If you are not a registered user, we advise you to consult the Website and this Policy regularly.
Contact
In the event that you wish to exercise these rights, or in the event of other questions or remarks regarding our Privacy Policy, you can contact us via the following contact details.
- Els van der Helm
- Rösslimattstrasse 4
- 6005 Luzern
- CHE-168.903.140
- info@elsvanderhelm.com
Data Protection Officer
- Guy Kessels
- guy@elsvanderhelm.com